Last Call: <draft-ietf-krb-wg-des-die-die-die-04.txt> (Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos) to Best Current Practice
The IESG <iesg-secretary@ietf.org> Thu, 22 March 2012 15:26 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F93721F859A for <ietf-announce@ietfa.amsl.com>; Thu, 22 Mar 2012 08:26:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.46
X-Spam-Level:
X-Spam-Status: No, score=-102.46 tagged_above=-999 required=5 tests=[AWL=0.139, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L2lAuBvZO3nR; Thu, 22 Mar 2012 08:26:11 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D9FD21F8504; Thu, 22 Mar 2012 08:26:11 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Last Call: <draft-ietf-krb-wg-des-die-die-die-04.txt> (Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos) to Best Current Practice
X-Test-IDTracker: no
X-IETF-IDTracker: 4.00
Message-ID: <20120322152611.20184.76979.idtracker@ietfa.amsl.com>
Date: Thu, 22 Mar 2012 08:26:11 -0700
Cc: ietf-krb-wg@lists.anl.gov
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2012 15:26:12 -0000
The IESG has received a request from the Kerberos WG (krb-wg) to consider the following document: - 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos' <draft-ietf-krb-wg-des-die-die-die-04.txt> as a Best Current Practice The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2012-04-05. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Kerberos 5 network authentication protocol, originally specified in RFC1510, can use the Data Encryption Standard (DES) for encryption. Almost 30 years after first publishing DES, the National Institute of Standards and Technology (NIST) finally withdrew the standard in 2005, reflecting a long-established consensus that DES is insufficiently secure. By 2008, commercial hardware costing less than USD 15,000 could break DES keys in less than a day on average. DES is long past its sell-by date. Accordingly, this document updates RFC1964, RFC4120, RFC4121, and RFC4757 to deprecate the use of DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos. Because RFC1510 (obsoleted by RFC4120) supports only DES, this document reclassifies RFC1510 as Historic. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-krb-wg-des-die-die-die/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-krb-wg-des-die-die-die/ballot/ No IPR declarations have been submitted directly on this I-D.